Application Security Engineer

Summary

Join DoseSpot, a PE-backed start-up and leader in electronic prescribing software, as their Application Security Engineer. This pivotal role focuses on strengthening security within the Software Development Lifecycle, safeguarding a rapid code-change environment. You will build scalable security control testing, conduct threat modeling, and collaborate with development and product teams. The position requires experience in application security, software engineering, and security principles. DoseSpot offers a remote work environment with flexible hours, generous leave, comprehensive health insurance, 401(k) matching, and other benefits.

Requirements

• Bachelor’s degree in computer science, Information Technology, or related field
• 3-5 years of experience in application security
• Strong understanding of security principles and best practices for securing end-to-end customer experience, including login mechanisms, browser security, and the protection of customer data
• A foundation in software engineering and ability to read/write code, including React, JS, Python, Powershell
• Familiarity with threat modeling paradigms such as STRIDE or STRIPED
• Familiarity with cloud-based hosting providers like AWS, GCP, or Microsoft Azure
• Prior experience across web security, secure coding, software development, cryptography, and system design
• Track record of delivering measurable improvements in application security concepts and tooling
• Strong foundation in AppSec process and tool implementation
• Excellent communication skills with the ability to influence engineering decisions through data and cross-functional stakeholder collaboration
• Demonstrated ability to independently apply a broad range of theories, concepts, principles, and methodologies to application security projects involving complex features

Responsibilities

• Collaborate with development and product teams to integrate security solutions into business-critical applications
• Conduct regular threat modeling sessions using industry-standard methodologies, such as STRIDE, integrating findings into development workflows
• Partner with DevSecOps to develop, design, implement and manage application security integration and automation within CI/CD
• Evaluate, implement, and manage AppSec tools (e.g., SAST, DAST, SCA, IaC scanning, container security) and guide engineering teams on remediation
• Build scalable, automated vulnerability management workflows and reports
• Empower engineering partners through frictionless security testing
• Lead scoping and develop requirements for manual penetration testing driven internally and by third parties, including remediation and follow up
• Participate in secure code reviews and product security testing to identify vulnerabilities
• Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards

Preferred Qualifications

• You enjoy being hands-on and solving security problems at scale
• You value collaboration in working cross-functionally with engineering and product teams
• You can bridge the gap between security and development with clarity, pragmatism, and technical fluency

Benefits

• Remote work environment with a flexible work schedule to encourage work-life balance
• Annual company offsite
• Generous leave package including flexible time off policy that encourages team members to take time off to relax and recharge; plus 13 paid holidays, paid sick leave, and paid parental leave
• Medical, dental, and vision insurance for you and your family, plus a company funded FSA & HSA (dependent on which medical plan you choose)
• 401(k) company match
• One-time workspace reimbursement to help you optimize your remote workspace